Experience with migration from samba3 to samba4 and ovirt tests
aescanero at gmail.com
Tue Nov 13 14:36:22 MST 2012
2012/11/13 Andrew Bartlett <abartlet at samba.org>
> On Tue, 2012-11-13 at 17:02 +0100, Alejandro wrote:
> > I use the samba-tool domain samba3upgrade to move from samba3 ldap to
> > samba4. All was ok, but when I was triing to add domain to a Ovirt 3.1
> > Engine I find that no user has a UPN (UserPrincipalName) attribute.
> > Ovirt use UPN in the ldap search to find the username with the usual
> > LOGIN at DOMAINFQDN, but I find me forced to use a ldap tool to add the UPN
> > attribute to the needed users.
> > Is a problem with migration or Samba4 don't create the UPN attrbute?
> I've had folks mention this before, but I'm not aware how we are any
> different to a windows AD DC in this regard. If you can show me how we
> differ, we can fix this up.
> Why does it have to do a search? Against AD, if you are doing 'ldap
> authentication' you can just log in with user at domain.com as the 'bind
Appear that Ovirt do not only ldap authentication, is doing all the searchs
in UPD format, example of filter to add Ovirt to the domain:
filter=(&(sAMAccountType=805306368)(userPrincipalName=LOGIN at DOMAINFQDN))
A search for any user is like:
Ovirt need the UPN attribute even for search.
I can't test any Windows Server for this attribute (I don't have any AD
where I work).
There are any Idea about the UPN attribute?
> Andrew Bartlett
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
Alejandro Escanero Blanco
Consultor de sistemas basados en fuentes abiertas
Desarrollador de FusionDirectory (http://www.fusiondirectory.org)
Jabber: blainett at jabberes.com
More information about the samba-technical